project/netifd.git
2 days ago iprule: add ipproto property (master)
Paul Donald [Thu, 17 Oct 2024 14:28:25 +0000 (16:28 +0200)]
iprule: add ipproto property

```
config rule
option ...
option ipproto '17'
```

This allows handling rules which anchor to protocol number like:

`ip ru add from all ipproto udp table udp_table prior 10`

Handle ipproto as an unsigned integer.

https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Example:

```
config rule
option in 'lan'
option src '10.48.0.0/16'
option out 'lan'
option dest '192.168.1.144/32'
option lookup 'main'
option ipproto '17'
```

Results in

```
~# ip rule
0: from all lookup local
1: from 10.48.0.0/16 to 192.168.1.144 iif br-lan oif br-lan ipproto udp lookup main
```

Tested on 23.05.5 x86_64

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
8 days ago wireless: add support for adding a list of devices for a wifi-iface
Felix Fietkau [Tue, 19 Nov 2024 12:56:22 +0000 (13:56 +0100)]
wireless: add support for adding a list of devices for a wifi-iface

Simplifies handling of a single SSID on multiple radios.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
8 days ago proto-shell: fix spurious interface teardowns with host deps
Felix Fietkau [Mon, 18 Nov 2024 19:59:27 +0000 (20:59 +0100)]
proto-shell: fix spurious interface teardowns with host deps

Only treat IFEV_UP_FAILED, IFEV_DOWN and IFEV_FREE as down indicators

Signed-off-by: Felix Fietkau <nbd@nbd.name>
9 days ago system-linux: do not pull ifindex/flags from netlink messages on rtnl events
Felix Fietkau [Mon, 18 Nov 2024 13:17:45 +0000 (14:17 +0100)]
system-linux: do not pull ifindex/flags from netlink messages on rtnl events

rtnl event processing might be delayed due to other calls / state changes.
That can lead to devices toggled up/down unnecessarily.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 weeks ago device/interface: add "tags" attribute from config to status dump
Felix Fietkau [Fri, 8 Nov 2024 09:33:35 +0000 (10:33 +0100)]
device/interface: add "tags" attribute from config to status dump

This allows annotating interfaces/devices in the config in a way that can be
queried through status. One example use case is to mark wifi interfaces for
use with specific services without having to explicitly reference sections
from elsewhere.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 weeks ago ubus: add notifications on wireless device state changes
Felix Fietkau [Fri, 8 Nov 2024 09:07:32 +0000 (10:07 +0100)]
ubus: add notifications on wireless device state changes

Provide notifications similar to interface state changes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 weeks ago system-dummy: add system_if_apply_settings_after_up
Felix Fietkau [Mon, 21 Oct 2024 15:41:56 +0000 (17:41 +0200)]
system-dummy: add system_if_apply_settings_after_up

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 weeks ago fix signed/unsigned comparison warnings
Felix Fietkau [Mon, 21 Oct 2024 15:41:19 +0000 (17:41 +0200)]
fix signed/unsigned comparison warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 weeks ago main: fix format string related warnings for log/debug printf functions
Felix Fietkau [Sun, 20 Oct 2024 19:07:11 +0000 (21:07 +0200)]
main: fix format string related warnings for log/debug printf functions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 weeks ago wireless: reload wireless device if any vif network bridge changes ifindex
Felix Fietkau [Sun, 6 Oct 2024 17:40:55 +0000 (19:40 +0200)]
wireless: reload wireless device if any vif network bridge changes ifindex

This fixes an issue where wireless vifs were not added back after the bridge
was recreated due to config changes (e.g. after switching to vlan filtering).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago interface: fix regression on adding hotplug devices to interfaces
Felix Fietkau [Sat, 21 Sep 2024 16:26:50 +0000 (18:26 +0200)]
interface: fix regression on adding hotplug devices to interfaces

Adding the same device to an interface again led to a call chain that ended
up removing the device again through device callbacks.
Fix this by only toggling the interface available status when the device is
still the same.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago Revert "system-linux: re-apply ethtool on phy attachment"
Daniel Golle [Thu, 12 Sep 2024 11:43:52 +0000 (13:43 +0200)]
Revert "system-linux: re-apply ethtool on phy attachment"

This reverts commit 68c8a4f94cd3cfd654a52cbc8b57c5c9d99640dd.

Matching on flags IFF_UP AND NOT IFF_LOWER_UP and then reapplying ethtool
settings freaks out some PHY drivers. While a better method is being
worked on, revert the problematic solution.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2 months ago device: simplify external device settings handling
Felix Fietkau [Wed, 4 Sep 2024 10:09:38 +0000 (12:09 +0200)]
device: simplify external device settings handling

Use the normal set_state function, but leave out the system_if_up/down part.
Fixes a race condition that prevented properly applying device settings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago device: revert to explicit device_set_present calls
Felix Fietkau [Tue, 3 Sep 2024 13:13:47 +0000 (15:13 +0200)]
device: revert to explicit device_set_present calls

Works around unknown hangs exposed by the recent changes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago device: remove redundant newlines from debug messages
Felix Fietkau [Tue, 3 Sep 2024 10:06:39 +0000 (12:06 +0200)]
device: remove redundant newlines from debug messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago interface: improve hotplug handling reliability
Felix Fietkau [Tue, 3 Sep 2024 10:01:24 +0000 (12:01 +0200)]
interface: improve hotplug handling reliability

Retry interface setup if the same device is added again

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago wireless: handle link updates even if devices are present already
Felix Fietkau [Tue, 3 Sep 2024 09:57:07 +0000 (11:57 +0200)]
wireless: handle link updates even if devices are present already

Redundant updates are caught further down the chain

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago main: add messages to udebug regardless of their log level
Felix Fietkau [Tue, 3 Sep 2024 09:26:52 +0000 (11:26 +0200)]
main: add messages to udebug regardless of their log level

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago device: do not pull device present state from hotplug events
Felix Fietkau [Tue, 3 Sep 2024 08:11:26 +0000 (10:11 +0200)]
device: do not pull device present state from hotplug events

Use hotplug events as trigger for system_if_check instead.
Fixes a race condition in event processing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago device: add more debugging code
Felix Fietkau [Mon, 2 Sep 2024 18:26:54 +0000 (20:26 +0200)]
device: add more debugging code

Helps figure out corner cases

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2 months ago interface: add support for disabling renew on topology change
Felix Fietkau [Wed, 17 Jul 2024 17:56:50 +0000 (19:56 +0200)]
interface: add support for disabling renew on topology change

In some cases this may trigger too many dhcp requests, tripping up upstream
servers, so there needs to be an option to disable this behavior.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
4 months ago system-linux: re-apply ethtool on phy attachment
Daniel Golle [Fri, 5 Jul 2024 18:15:10 +0000 (19:15 +0100)]
system-linux: re-apply ethtool on phy attachment

ethtool settings applied before the interface is in IFF_UP state
are going to be lost when phylink is being used.
This is the case with many modern NICs as well as when using SFP
modules, resulting in the speed, duplex, *pause and autoneg
settings not having any effect.

Reapply ethtool settings once the PHY is attached.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 months ago wireless: add support for defining wifi interfaces via procd service data
Felix Fietkau [Mon, 3 Jun 2024 18:29:20 +0000 (20:29 +0200)]
wireless: add support for defining wifi interfaces via procd service data

This makes it possible to dynamically define wifi interfaces from other
services without having to update the config.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 months ago wireless: use blobmsg_parse_attr
Felix Fietkau [Mon, 3 Jun 2024 18:33:03 +0000 (20:33 +0200)]
wireless: use blobmsg_parse_attr

Simplify the code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 months ago proto-shell: add proto property for skipping device config
Felix Fietkau [Mon, 13 May 2024 13:58:27 +0000 (15:58 +0200)]
proto-shell: add proto property for skipping device config

This is useful for PPPoE, where settings like MTU should not be applied to
the lower device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
9 months ago CMake: bump the minimum required CMake version to 3.5
Yegor Yefremov [Fri, 12 Jan 2024 07:50:32 +0000 (08:50 +0100)]
CMake: bump the minimum required CMake version to 3.5

From: Yegor Yefremov <yegorslists@googlemail.com>

Older CMake versions are marked as deprecated and generate
the related warning:

Compatibility with CMake < 3.5 will be removed from a future
version of CMake.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
10 months ago device: restore cleared flags on device down
Erik Karlsson [Tue, 5 Dec 2023 23:22:58 +0000 (00:22 +0100)]
device: restore cleared flags on device down

In case flags have been cleared because settings failed to apply,
restore them when the device is brought down so that they will be
re-attempted the next time the device is brought up.

Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
10 months ago system-linux: fix race condition in netlink socket error handling
Matthias Schiffer [Tue, 2 Jan 2024 14:58:30 +0000 (15:58 +0100)]
system-linux: fix race condition in netlink socket error handling

The error handling needed for the buffer growth logic relies on
uloop_fd's error flag, which is set based on epoll events. Doing so
without handling recvmsg's error codes is racy, as an error state may be
set between receiving epoll events and the next recvmsg, but calling
recvmsg clears the error state.

To fix this, add handling for errors returned by nl_recvmsgs_default()
and nl_recv(); checking for u->error and retrieving the error status
using getsockopt() becomes redundant.

We have observed this issue on Gluon (recent OpenWrt 23.05); on some
devices with DSA switches, the bridge interface's carrier-on event would
consistently get lost during boot due to insufficient buffer space
(see [1]).

We have bisected the issue to netifd commit 516ab774cc16 ("system-linux:
fix race condition on bringing up wireless devices"), but that commit only
uncovered the preexisting bug by switching from getting the carrier state
from sysfs to using the netlink messages in cb_rtnl_event().

I suspect that other recent issues about netifd missing a carrier state
change like [2] may have the same underlying cause.

[1] https://github.com/freifunk-gluon/gluon/issues/3130
[2] https://github.com/openwrt/openwrt/issues/13863

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
11 months ago Revert "system-linux: set pending to 0 on ifindex found or error for if_get_master"
Felix Fietkau [Tue, 19 Dec 2023 21:32:56 +0000 (22:32 +0100)]
Revert "system-linux: set pending to 0 on ifindex found or error for if_get_master"

This reverts commit 66a7652176a7580b55076a0975b77c2bfb5bf7ce.
Users reported that netifd hangs after this commit. I suspect that the added
optimization which sets data->pending to false early might be the cause.
It might leave unprocessed netlink messages in the socket, which could mess up
the next netlink call.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
11 months ago device: Log error message if device initialization failed
Dustin Spicuzza [Wed, 19 Apr 2023 17:44:56 +0000 (13:44 -0400)]
device: Log error message if device initialization failed

Signed-off-by: Dustin Spicuzza <dustin@virtualroadside.com>
11 months ago netifd: fix undefined va_list value which can cause crashes
Mikael Magnusson [Fri, 15 Dec 2023 22:19:47 +0000 (23:19 +0100)]
netifd: fix undefined va_list value which can cause crashes

Reinitialize the va_list value after the call
to netifd_udebug_vprintf() in netifd_log_message().

It's needed since netifd_udebug_vprintf() invokes vsnprintf()
which in turn invokes the va_arg() macro, and after that call
the va_list value is undefined.

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
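
The va_list rule this commit message relies on, shown as an added example (not netifd's code): once a callee has consumed a `va_list` through `vsnprintf()`, the caller must restart or copy it before handing it to a second consumer. The names `ring_vprintf`, `log_message`, `log_vmessage`, `log_message_v` and both buffers are hypothetical stand-ins.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sinks standing in for a debug ring buffer and the regular log. */
static char ring_buf[128];
static char log_buf[128];

/* Formats into the ring sink. vsnprintf() walks ap with va_arg(), so when
 * this returns the caller's va_list is indeterminate and must not be reused. */
static void ring_vprintf(const char *fmt, va_list ap)
{
	vsnprintf(ring_buf, sizeof(ring_buf), fmt, ap);
}

/* Variadic entry point: each consumer gets a freshly started va_list. */
int log_message(const char *fmt, ...)
{
	va_list ap;
	int len;

	va_start(ap, fmt);
	ring_vprintf(fmt, ap);
	va_end(ap);

	va_start(ap, fmt);	/* reinitialize before the second consumer */
	len = vsnprintf(log_buf, sizeof(log_buf), fmt, ap);
	va_end(ap);

	return len;
}

/* Entry point that only receives a va_list: va_start() is not available
 * here, so the first consumer gets a va_copy() and ap is kept for the second. */
int log_vmessage(const char *fmt, va_list ap)
{
	va_list copy;

	va_copy(copy, ap);
	ring_vprintf(fmt, copy);
	va_end(copy);

	return vsnprintf(log_buf, sizeof(log_buf), fmt, ap);
}

/* Small variadic wrapper so log_vmessage() can be exercised directly. */
int log_message_v(const char *fmt, ...)
{
	va_list ap;
	int len;

	va_start(ap, fmt);
	len = log_vmessage(fmt, ap);
	va_end(ap);

	return len;
}

const char *ring_contents(void) { return ring_buf; }
const char *log_contents(void) { return log_buf; }

int main(void)
{
	/* Constructed sample message. */
	log_message("%s: carrier %d", "eth0", 1);
	printf("ring: %s\nlog:  %s\n", ring_contents(), log_contents());
	return 0;
}
```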
11 months ago system-linux: set pending to 0 on ifindex found or error for if_get_master
Christian Marangi [Sun, 17 Dec 2023 15:47:16 +0000 (16:47 +0100)]
system-linux: set pending to 0 on ifindex found or error for if_get_master

Fix Coverity Defect 1559194 reporting an Infinite loop when
data->pending is not set to 0 on finishing the callback.

While this is a false-positive report as ACK is always called, this is a
good time to optimize the code and make the callback exit early if we
find the ifindex for the DSA conduit.

Correctly set pending to 0 on ifindex found or error for if_get_master
valid netlink callback.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
11 months ago system-linux: skip refreshing MAC on master change if custom MAC
Christian Marangi [Tue, 12 Dec 2023 00:15:55 +0000 (01:15 +0100)]
system-linux: skip refreshing MAC on master change if custom MAC

If custom MAC or a default MAC needs to be applied, skip refreshing MAC
after master change to correctly apply the custom MAC.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
11 months ago system-linux: set master early on apply settings
Christian Marangi [Tue, 12 Dec 2023 00:14:25 +0000 (01:14 +0100)]
system-linux: set master early on apply settings

Move master setting up before anything as settings may get reset on
master change.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
11 months ago bridge: rework config change pvid handling
Felix Fietkau [Tue, 5 Dec 2023 11:37:50 +0000 (12:37 +0100)]
bridge: rework config change pvid handling

Fix issues when a member port is moved from one VLAN to another

Signed-off-by: Felix Fietkau <nbd@nbd.name>
11 months ago bridge: fix reload on bridge vlan changes
Felix Fietkau [Tue, 5 Dec 2023 10:52:44 +0000 (11:52 +0100)]
bridge: fix reload on bridge vlan changes

config_pending needs to be set even if the bridge is inactive, in order to
handle changes to the member list

Signed-off-by: Felix Fietkau <nbd@nbd.name>
11 months ago debug: remove newline from debug messages
Felix Fietkau [Tue, 5 Dec 2023 10:28:57 +0000 (11:28 +0100)]
debug: remove newline from debug messages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
11 months ago netifd: add netlink udebug ring
Felix Fietkau [Tue, 5 Dec 2023 09:35:30 +0000 (10:35 +0100)]
netifd: add netlink udebug ring

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago udebug: use helper code for ubus config handling
Felix Fietkau [Mon, 27 Nov 2023 17:40:14 +0000 (18:40 +0100)]
udebug: use helper code for ubus config handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago wireless: add bridge_isolate option
Felix Fietkau [Mon, 20 Nov 2023 18:03:06 +0000 (19:03 +0100)]
wireless: add bridge_isolate option

This enables the device bridge port isolate flag

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago system-linux: fix bogus debug error messages on adding bridge members
Felix Fietkau [Mon, 20 Nov 2023 17:35:49 +0000 (18:35 +0100)]
system-linux: fix bogus debug error messages on adding bridge members

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago replace DPRINTF calls with D(...)
Felix Fietkau [Mon, 20 Nov 2023 16:02:43 +0000 (17:02 +0100)]
replace DPRINTF calls with D(...)

This makes messages appear in udebug output

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago add udebug support
Felix Fietkau [Mon, 20 Nov 2023 16:00:08 +0000 (17:00 +0100)]
add udebug support

Add internal debug messages and log messages to the ring buffer

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago interface-ip: fix IPv4 route target masking
Jo-Philipp Wich [Tue, 14 Nov 2023 13:01:44 +0000 (14:01 +0100)]
interface-ip: fix IPv4 route target masking

A previous commit that was supposed to mask out excess host bits in route
targets failed to correctly calculate the mask value, causing it to produce
improper results for certain mask lengths.

Fixes: #17
Fixes: 76eb342 ("interface-ip: mask out host bits in IPv4 route targets")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
12 months ago system-linux: refresh MAC address on DSA port conduit change
Christian Marangi [Sat, 11 Nov 2023 22:27:11 +0000 (23:27 +0100)]
system-linux: refresh MAC address on DSA port conduit change

On changing the conduit for a DSA port, the conduit may have a different
MAC address. In the scenario where a port is part of a bridge and
is the primary port, some inconsistency may arise where the bridge has
the MAC address of the previous conduit and is never updated.
This inconsistency causes problems with packet forwarding with FDB and
other related problems.

To fix this, refresh the original MAC address after the conduit for the
DSA port is changed by polling the new MAC address for the device using
ioctl API.

Fixes: 2dc7f450f3a2 ("system-linux: add option to configure DSA conduit device")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
12 months ago wireless: fix premature removal of hotplug devices due to down state
Felix Fietkau [Fri, 10 Nov 2023 14:34:23 +0000 (15:34 +0100)]
wireless: fix premature removal of hotplug devices due to down state

When a device is added that isn't up, status toggles can sometimes lead to a
DEV_EVENT_REMOVE event, which causes the device to be removed from an interface
or a bridge.
Fix this by toggling the dev->disabled status instead based on IFF_UP, and
adding a check to bridge/interface code to only permanently remove devices that
are actually gone.

Fixes: 516ab774cc16 ("system-linux: fix race condition on bringing up wireless devices")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago wireless: fix sign comparison warning
Felix Fietkau [Fri, 10 Nov 2023 12:53:38 +0000 (13:53 +0100)]
wireless: fix sign comparison warning

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago device: add support to configure eee
Rahul Thakur [Sat, 19 Aug 2023 03:33:46 +0000 (09:03 +0530)]
device: add support to configure eee

Add support for configurable EEE option i.e. energy efficient ethernet.

The option can be configured by adding the config for the device in the
network uci config. Example:

    config device
        option name 'eth0'
        option eee '1'

Signed-off-by: Rahul Thakur <rahul.thakur@iopsys.eu>
12 months ago system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
Christian Marangi [Thu, 9 Nov 2023 16:24:36 +0000 (17:24 +0100)]
system-linux: fix compilation error if IFLA_DSA_MASTER is not supported

Changing DSA port conduit was introduced only with kernel 6.1. Fix
compilation error by disabling support for this on unsupported kernels.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
12 months ago system-linux: make system_if_get_master_ifindex static
Christian Marangi [Thu, 9 Nov 2023 16:19:48 +0000 (17:19 +0100)]
system-linux: make system_if_get_master_ifindex static

Make system_if_get_master_ifindex static as it was wrongly exposed and
is only used in system-linux.c.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
12 months ago system-linux: add option to configure DSA conduit device
Christian Marangi [Thu, 2 Nov 2023 15:34:47 +0000 (16:34 +0100)]
system-linux: add option to configure DSA conduit device

A device might have multiple CPU ports with a DSA based switch, and OEM
firmware might set a specific port to one CPU port (for example WAN) to
sustain full gigabit traffic with the kernel.

To set them, the iproute2 tool is currently required.
Add support to set the DSA port conduit directly from network config
using netlink. Example:

config device
            option name 'lan1'
            option conduit 'eth1'

The conduit option refers to the CPU port interface. An invalid option will
simply be ignored and won't be applied, similar to what iproute2 does.

Option can also be set in board.json by setting the conduit option.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
12 months ago system-linux: add support for configurable GRO option
Christian Marangi [Wed, 25 Oct 2023 01:27:58 +0000 (03:27 +0200)]
system-linux: add support for configurable GRO option

Add support for configurable GRO option. Some devices don't have HW
Checksum support and may suffer from performance regression by using
GRO. Disabling GRO restores the original performance and makes the device
usable again.

The option can be configured by adding the config for the device in the
network config. Example:

    config device
        option name 'eth0'
        option gro '0'

The option can also be configured by adding the config to the
board.json.

Notice that a new "kind" of settings is introduced:
"system_if_apply_settings_after_up". Options set in this function will be
executed AFTER the interface is UP. This is needed as some options
(for example GRO) need to be applied after the interface is UP, and applying
them before results in an error in ioctl.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
12 months ago interface-ip: allow configuring routes without explicit interface
Jo-Philipp Wich [Thu, 24 Aug 2023 12:43:31 +0000 (14:43 +0200)]
interface-ip: allow configuring routes without explicit interface

Support the configuration of network routes not bound to any specific
interface. In case such a route is configured, it will be internally
owned by the loopback interface and have a new DEVROUTE_NODEV flag
set to inhibit the RTA_OIF attribute when installing the kernel route.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
12 months ago interface-ip: mask out host bits in IPv4 route targets
Jo-Philipp Wich [Thu, 24 Aug 2023 12:16:00 +0000 (14:16 +0200)]
interface-ip: mask out host bits in IPv4 route targets

The kernel will reject attempts to install routes with target addresses
having host bits set with an "Invalid prefix for given prefix length"
error.

A route configuration like the one below will silently fail to apply:

    config route
        option interface lan
        option target 10.40.40.1/24

Attempting to do the same with iproute2 will fail as well:

    # ip route add 10.40.40.1/24 dev br-lan
    Error: Invalid prefix for given prefix length.

However, for IPv6, route targets with set host bits are allowed:

    # ip -6 route add 3000::1/64 via fe80::1234:5678:9abc:def1 dev br-lan
    # ip -6 route list 3000::1/64
    3000::/64 via fe80::1234:5678:9abc:def1 dev br-lan metric 1024 pref medium

In order to stay consistent here, and to avoid unnecessary configuration
pitfalls, make netifd more lenient and simply mask out excess host bits
while parsing IPv4 route configuration.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
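
Host-bit masking of an IPv4 route target, as described in this commit message and in the later "fix IPv4 route target masking" commit, sketched as an added example (not netifd's code). It goes beyond the `/24` case in the text by handling the boundary prefix lengths 0 and 32 explicitly, because shifting a 32-bit value by 32 is undefined behaviour in C; `prefix_to_mask`, `normalize_route_target` and `target_normalizes_to` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Netmask in host byte order for a prefix length of 0..32.
 * /0 and /32 are special-cased so no shift count ever reaches 32. */
uint32_t prefix_to_mask(unsigned int prefix_len)
{
	if (prefix_len == 0)
		return 0;
	if (prefix_len >= 32)
		return 0xffffffffu;
	return ~(0xffffffffu >> prefix_len);
}

/* Parse "a.b.c.d[/len]", clear the host bits and write the normalized
 * "network/len" form to out. Returns 0 on success, -1 on malformed input. */
int normalize_route_target(const char *cidr, char *out, size_t out_len)
{
	char addr_str[INET_ADDRSTRLEN];
	char text[INET_ADDRSTRLEN];
	const char *slash = strchr(cidr, '/');
	unsigned long prefix_len = 32;
	struct in_addr addr;
	size_t addr_len;
	char *end;
	int n;

	addr_len = slash ? (size_t)(slash - cidr) : strlen(cidr);
	if (addr_len == 0 || addr_len >= sizeof(addr_str))
		return -1;
	memcpy(addr_str, cidr, addr_len);
	addr_str[addr_len] = '\0';

	if (inet_pton(AF_INET, addr_str, &addr) != 1)
		return -1;

	if (slash) {
		/* strtoul() would accept whitespace and signs; require a digit. */
		if (slash[1] < '0' || slash[1] > '9')
			return -1;
		prefix_len = strtoul(slash + 1, &end, 10);
		if (*end != '\0' || prefix_len > 32)
			return -1;
	}

	/* s_addr is in network byte order, so convert the mask before ANDing. */
	addr.s_addr &= htonl(prefix_to_mask((unsigned int)prefix_len));

	if (!inet_ntop(AF_INET, &addr, text, sizeof(text)))
		return -1;
	n = snprintf(out, out_len, "%s/%lu", text, prefix_len);
	if (n < 0 || (size_t)n >= out_len)
		return -1;
	return 0;
}

/* Helper: 1 if cidr normalizes to expected, 0 otherwise (including errors). */
int target_normalizes_to(const char *cidr, const char *expected)
{
	char out[INET_ADDRSTRLEN + 4];

	if (normalize_route_target(cidr, out, sizeof(out)) < 0)
		return 0;
	return strcmp(out, expected) == 0;
}

int main(void)
{
	/* Targets taken from the commit messages on this page plus constructed
	 * boundary cases. */
	const char *samples[] = { "10.40.40.1/24", "192.168.1.144/32",
				  "10.40.40.1/0", "10.40.40.1/33" };
	char out[INET_ADDRSTRLEN + 4];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (normalize_route_target(samples[i], out, sizeof(out)) == 0)
			printf("%-18s -> %s\n", samples[i], out);
		else
			printf("%-18s -> rejected\n", samples[i]);
	}
	return 0;
}
```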
12 months ago system-linux: fix race condition on bringing up wireless devices
Felix Fietkau [Tue, 7 Nov 2023 12:22:06 +0000 (13:22 +0100)]
system-linux: fix race condition on bringing up wireless devices

When wireless devices are added via hotplug before their state is set to up,
adding routes to the device can fail in the kernel.
Since the up state is managed externally, use it as input for netifd's device
present state, so that they are only brought up when ready.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago device: fix build error on 32 bit systems
Felix Fietkau [Mon, 6 Nov 2023 12:16:38 +0000 (13:16 +0100)]
device: fix build error on 32 bit systems

Increase size of the diff fields for uci_blob_diff calls, since the device
attribute list increased to >32 entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago bridge: add support for configuring vlans for auth=1,auth_status=false
Felix Fietkau [Fri, 3 Nov 2023 06:58:59 +0000 (07:58 +0100)]
bridge: add support for configuring vlans for auth=1,auth_status=false

This allows detecting MAC addresses via FDB learning, or snooping
unauthenticated packets on a dedicated VLAN

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
Felix Fietkau [Thu, 2 Nov 2023 16:45:29 +0000 (17:45 +0100)]
bridge: add auth-required bridge members with auth_status=0 if vlan is enabled

This allows auth decisions based on FDB information of the port (MAC auth)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago device: send notifications for device events via ubus
Felix Fietkau [Wed, 1 Nov 2023 08:44:26 +0000 (09:44 +0100)]
device: send notifications for device events via ubus

Send them on the network.device object

Signed-off-by: Felix Fietkau <nbd@nbd.name>
12 months ago device/bridge: support passing extra vlans in the device_set_state call
Felix Fietkau [Wed, 1 Nov 2023 05:25:16 +0000 (06:25 +0100)]
device/bridge: support passing extra vlans in the device_set_state call

This can be used by RADIUS based 802.1x auth to dynamically define the member
vlans for the port based on its authentication status.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
13 months ago config: fix incompatible with jshn network-device entry
Christian Marangi [Fri, 20 Oct 2023 10:40:27 +0000 (12:40 +0200)]
config: fix incompatible with jshn network-device entry

On parsing, jshn "normalizes" the entry of any non alphanumeric char to
'_'. This resulted in the scenario where the data passed by board.json
with entry 'network-device' being converted to 'network_device', and the
system still expecting data with the original 'network-device'.

To fix this, changes need to be made in multiple places. Any function in
core uci-defaults.sh that expects 'network-device' needs to be changed to
'network_device' and here in netifd core, we need to switch to use
'network_device' directly to prevent any conflict with jshn conversion.

The issue was exposed by commit 4ebba8a05d09 ("realtek: add support for
HPE 1920-8g-poe+") in openwrt core where board_config_load call from
03_gpio introduced the key normalization by jshn.

board.json is not considered stable and is not migrated on sysupgrade
but actually recreated with up to date data, hence no migration or
special handling is needed and the entry can be directly changed.

Ref: https://forum.openwrt.org/t/57875/2589
Ref: https://github.com/openwrt/openwrt/pull/13622
Reported-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
Fixes: 42c48866f1c1 ("config: parse default mac address from board.json")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
14 months ago interface: do not release device on link down
Erik Karlsson [Tue, 19 Sep 2023 11:37:59 +0000 (13:37 +0200)]
interface: do not release device on link down

On IFPEV_DOWN, do not release the main device if the interface is
intended to be brought back up again by interface_handle_config_change
and there is no configuration change. This avoids releasing the device
and then claiming it again when link is lost.

Releasing and then claiming the device can, if the driver is
configured to power the PHY down when IFF_UP is cleared, cause the PHY
to be power cycled. This can in combination with glitchy hardware
and/or drivers where it takes a few seconds for the link to stabilize
after the PHY has been powered up cause a loop where loss of link
causes netifd to power cycle the PHY and when the PHY comes back up
the link glitches and the cycle repeats.

Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
14 months ago wireless: update prev_config on SET_DATA notify
Felix Fietkau [Tue, 19 Sep 2023 09:44:34 +0000 (11:44 +0200)]
wireless: update prev_config on SET_DATA notify

Fixes passing phy name from setup to teardown

Signed-off-by: Felix Fietkau <nbd@nbd.name>
14 months ago wireless: dynamically enable/disable virtual interfaces based on network interface...
Felix Fietkau [Fri, 15 Sep 2023 18:30:04 +0000 (20:30 +0200)]
wireless: dynamically enable/disable virtual interfaces based on network interface autostart

This allows disabling individual interfaces with ifup/ifdown calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
14 months ago wireless: clean up prev_config handling
Felix Fietkau [Fri, 15 Sep 2023 18:12:04 +0000 (20:12 +0200)]
wireless: clean up prev_config handling

Always update prev_config directly after creating it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
14 months ago wireless: rework and fix vlan/station config reload handling
Felix Fietkau [Fri, 15 Sep 2023 11:06:02 +0000 (13:06 +0200)]
wireless: rework and fix vlan/station config reload handling

The vif name of sections was not properly updated.
Rework the config structure to maintain stations/vlans in a vlist in the vif struct.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
14 months ago make_ethtool_modes_h.sh: apply anti-bashism
Daniel Golle [Thu, 31 Aug 2023 23:56:35 +0000 (00:56 +0100)]
make_ethtool_modes_h.sh: apply anti-bashism

Use 'printf' instead of 'echo -e' and use 'sed' instead of 'cut' to be
compatible with shells other than bash and not require cut.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
14 months ago system-linux: switch to new ETHTOOL_xLINKSETTINGS API
Ruiwei Chen [Sat, 25 Mar 2023 05:44:53 +0000 (13:44 +0800)]
system-linux: switch to new ETHTOOL_xLINKSETTINGS API

ETHTOOL_GSET / ETHTOOL_SSET API is deprecated since Linux v5.2
released in 2016, see torvalds/linux@3f1ac7a700d03 ("net: ethtool: add
new ETHTOOL_xLINKSETTINGS API"). All still maintained OpenWrt versions
use kernel versions new enough to support the new API.

Hence migrate to ETHTOOL_xLINKSETTINGS API to handle
auto-negotiation for flow-control as well as higher bandwidth like
2.5G, 5G and 10G.

Use ethtool API to switch on or off auto-negotiation of Ethernet
interfaces, and set speed and duplex accordingly in case auto-
negotiation is switched off.

Add support for flow-control settings, both manual/force mode for
RX and TX pause frames as well as advertising Pause and Asym_Pause
bits.

Instead of hard-coding the supported modes, generate a header file
describing them from <linux/ethtool.h>.

Signed-off-by: Ruiwei Chen <crwbak@gmail.com>
[generate list of link modes from toolchain headers, select by speed
and duplex, also use new API for dump function, add support for flow-
control settings]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
14 months ago scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Felix Fietkau [Thu, 31 Aug 2023 09:19:04 +0000 (11:19 +0200)]
scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support

Support the following values for the different WPA3 Enterprise modes:

- wpa3-mixed: WPA3 Enterprise transitional mode
  This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
  This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
  This uses only GCMP-256 ciphers

Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
15 months ago netifd: fix disabling radio via config if reconf is being used
Prasun Maiti [Thu, 17 Aug 2023 12:17:18 +0000 (17:47 +0530)]
netifd: fix disabling radio via config if reconf is being used

Do not bypass down/up reconfig codepath if the radio is being disabled,
otherwise it will be left running.

Signed-off-by: Prasun Maiti <prasunmaiti87@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix commit description]
16 months ago wireless: enable dynamic reconfiguration by default
Felix Fietkau [Mon, 17 Jul 2023 09:04:29 +0000 (11:04 +0200)]
wireless: enable dynamic reconfiguration by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
16 months ago wireless: add support for replacing data blobs at runtime
Felix Fietkau [Mon, 17 Jul 2023 09:03:30 +0000 (11:03 +0200)]
wireless: add support for replacing data blobs at runtime

Needed for dynamic reconfiguration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
16 months ago bridge: fix config reload on 32 bit systems
Felix Fietkau [Mon, 3 Jul 2023 09:09:08 +0000 (11:09 +0200)]
bridge: fix config reload on 32 bit systems

unsigned long diff overflows and needs to be turned into an array

Signed-off-by: Felix Fietkau <nbd@nbd.name>
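Why a single-word change mask loses changes once the bit index reaches the word width, as an added example that is not netifd's code. The 40-attribute table, the function names and the use of `uint32_t` to stand in for a 32-bit `unsigned long` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define N_ATTRS   40  /* assumed attribute count, chosen to exceed 32 */
#define WORD_BITS 32  /* width of unsigned long on a 32-bit target */
#define N_WORDS   ((N_ATTRS + WORD_BITS - 1) / WORD_BITS)

/* Before: one word; uint32_t stands in for a 32-bit unsigned long. The
 * 64-bit shift plus truncation models the lost high bits without the
 * undefined behaviour of shifting by >= the type width. */
uint32_t diff_single(const int *old_cfg, const int *new_cfg)
{
	uint32_t diff = 0;

	for (size_t i = 0; i < N_ATTRS; i++)
		if (old_cfg[i] != new_cfg[i])
			diff |= (uint32_t)(UINT64_C(1) << i);
	return diff;
}

/* After: one bit per attribute, spread over as many words as needed. */
void diff_array(const int *old_cfg, const int *new_cfg, uint32_t *diff)
{
	for (size_t w = 0; w < N_WORDS; w++)
		diff[w] = 0;
	for (size_t i = 0; i < N_ATTRS; i++)
		if (old_cfg[i] != new_cfg[i])
			diff[i / WORD_BITS] |= UINT32_C(1) << (i % WORD_BITS);
}

/* Constructed input: only attribute `changed` differs between the configs.
 * Returns 1 if the chosen diff representation records that change. */
int change_detected(size_t changed, int use_array)
{
	int old_cfg[N_ATTRS] = {0}, new_cfg[N_ATTRS] = {0};
	uint32_t diff[N_WORDS];

	new_cfg[changed] = 1;
	if (!use_array)
		return diff_single(old_cfg, new_cfg) != 0;
	diff_array(old_cfg, new_cfg, diff);
	return (diff[changed / WORD_BITS] >> (changed % WORD_BITS)) & 1;
}

int main(void)
{
	printf("attr 35, single word: %d\n", change_detected(35, 0));
	printf("attr 35, array:       %d\n", change_detected(35, 1));
	return 0;
}
```

With the single word, a change to any attribute numbered 32 or higher produces an empty diff, so a reload would treat the configuration as unchanged.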
17 months ago wireless: fix another reconf issue
Felix Fietkau [Thu, 29 Jun 2023 10:27:02 +0000 (12:27 +0200)]
wireless: fix another reconf issue

Defer handling wdev config updates until the entire config has been processed.
Fixes an issue where only the changes of the first modified vif would be accepted

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago wireless: fix handling config reload with reconf=1
Felix Fietkau [Wed, 28 Jun 2023 12:35:46 +0000 (14:35 +0200)]
wireless: fix handling config reload with reconf=1

If reload triggers while the wdev is up, and reconf is set to 1, run the
setup handler immediately, otherwise the change will not be applied.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago wireless: fix changing reconf/serialize options in configuration
Felix Fietkau [Wed, 28 Jun 2023 12:22:15 +0000 (14:22 +0200)]
wireless: fix changing reconf/serialize options in configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago bridge: add support for configuring extra vlans for the bridge itself
Felix Fietkau [Tue, 27 Jun 2023 08:48:26 +0000 (10:48 +0200)]
bridge: add support for configuring extra vlans for the bridge itself

Can be configured in the same way as extra bridge member vlans

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago bridge: fix coverity false positive report
Christian Marangi [Sat, 24 Jun 2023 12:34:12 +0000 (14:34 +0200)]
bridge: fix coverity false positive report

Fix Coverity Defect 1532481 reporting a Resource leak when
!bm->node.avl.key is false in bridge_hotplug_add.

This is not a real issue, since bm->node.avl.key is always NULL for newly
allocated entries and guaranteed to be non-NULL for entries returned by
vlist_find.

Fixes: edf3aced9f9a ("bridge: add support for adding vlan ranges via hotplug")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago bridge: add support for adding vlan ranges via hotplug
Felix Fietkau [Fri, 23 Jun 2023 10:36:51 +0000 (12:36 +0200)]
bridge: add support for adding vlan ranges via hotplug

This simplifies using wireless devices as VLAN trunking ports

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago bridge: make hotplug-added vlans default to tagged
Felix Fietkau [Fri, 23 Jun 2023 09:48:20 +0000 (11:48 +0200)]
bridge: make hotplug-added vlans default to tagged

This simplifies adding extra vlans and ranges

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago bridge: add support for configuring extra tagged vlans on member devices
Felix Fietkau [Fri, 23 Jun 2023 08:17:45 +0000 (10:17 +0200)]
bridge: add support for configuring extra tagged vlans on member devices

This can be used to allow trunking dynamically allocated VLANs into a specific
member port. In order to use this, add a device section for the member port with
the 'vlan' array option, which can contain vlan numbers or ranges.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago wireless: add network_vlan config attribute
Felix Fietkau [Wed, 21 Jun 2023 18:47:05 +0000 (20:47 +0200)]
wireless: add network_vlan config attribute

This can be used to make a wireless interface/vlan a tagged member of extra VLANs.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago vlan/vlandev: pass through extra vlan information passed via hotplug
Felix Fietkau [Wed, 21 Jun 2023 18:46:24 +0000 (20:46 +0200)]
vlan/vlandev: pass through extra vlan information passed via hotplug

This adds support for adding extra tagged VLANs in addition to the primary one

Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago system-linux: fix memory leak in system_bridge_vlan_check
Felix Fietkau [Sun, 4 Jun 2023 16:34:01 +0000 (18:34 +0200)]
system-linux: fix memory leak in system_bridge_vlan_check

The message passed to nl_send_auto_complete still needs to be freed
even in the normal path

Fixes: https://github.com/openwrt/netifd/issues/4
Fixes: 85f01c44a950 ("bridge: check bridge port vlan membership on link-up events")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
17 months ago bridge: bridge_dump_info: add dumping of bridge attributes staging/ynezz/fixes-bridge-inspect
Petr Štetiar [Thu, 9 Mar 2023 13:57:51 +0000 (14:57 +0100)]
bridge: bridge_dump_info: add dumping of bridge attributes

There are internal decisions being made using several bridge attributes,
like for example in bridge_reload(), but those attributes are not
available for outside inspection, thus hard to follow.

So let's make inspection easier and simply just add dumping of those
bridge attributes as well.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
17 months ago bridge: make it more clear why the config was applied
Petr Štetiar [Thu, 9 Mar 2023 08:30:19 +0000 (09:30 +0100)]
bridge: make it more clear why the config was applied

In some cases we see that the bridge configuration was applied, but it's
not exactly clear why it was done, so let's add a simple debugging output
which should provide the currently missing clue.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
17 months ago cmake: fix build by reordering the cflags definitions
Petr Štetiar [Wed, 29 Mar 2023 07:29:54 +0000 (09:29 +0200)]
cmake: fix build by reordering the cflags definitions

I've noticed a bunch of build errors being emitted by clang-15/gcc-10:

 netifd.h:83:33: error: unused parameter 'level' [-Werror,-Wunused-parameter]

and it seems that the order of definitions matters, as -Wextra probably
enables previously disabled warnings like -Wno-unused-parameter.

So let's fix it by reordering the cflags definitions.

Fixes: 463a1207f076 ("netifd: Activate -Wextra compile warnings")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
17 months ago treewide: fix multiple compiler warnings
Petr Štetiar [Wed, 29 Mar 2023 07:45:04 +0000 (09:45 +0200)]
treewide: fix multiple compiler warnings

Fixes a bunch of clang-15/gcc-10 compiler warnings, mostly related to
blobmsg_for_each_attr() usage:

 error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
 error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
 error: format string is not a string literal [-Werror,-Wformat-nonliteral]

Signed-off-by: Petr Štetiar <ynezz@true.cz>
18 months ago bridge: remove stray newline from device status vlan port list
Felix Fietkau [Thu, 4 May 2023 13:14:59 +0000 (15:14 +0200)]
bridge: remove stray newline from device status vlan port list

Signed-off-by: Felix Fietkau <nbd@nbd.name>
19 months ago device: fix segfault when recreating devices
Felix Fietkau [Mon, 17 Apr 2023 11:11:53 +0000 (13:11 +0200)]
device: fix segfault when recreating devices

Depending on the configuration, the callback on device_release could end up
deleting the device_dep from the list. If that happens, it must not be added
back to the recreated device, since that leads to use-after-free issues.
Check dep->dev before adding it back.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
21 months ago netifd: Activate -Wextra compile warnings
Hauke Mehrtens [Sun, 12 Feb 2023 20:02:08 +0000 (21:02 +0100)]
netifd: Activate -Wextra compile warnings

This activates some more compile warnings.
-pedantic is not yet activated, since we then see too many errors which I do
not know how to mitigate.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months ago netifd: Explicitly zero initialize variables
Hauke Mehrtens [Sun, 12 Feb 2023 20:38:04 +0000 (21:38 +0100)]
netifd: Explicitly zero initialize variables

The -pedantic option was complaining about the old initialization and
prefers if it is explicitly initialized to zero.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months ago netifd: Do not return values in void function
Hauke Mehrtens [Sun, 12 Feb 2023 20:07:14 +0000 (21:07 +0100)]
netifd: Do not return values in void function

These two functions return void, do not try to return a parameter.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
21 months ago netifd: Fix multiple -Wsign-compare warnings
Hauke Mehrtens [Sun, 12 Feb 2023 20:07:31 +0000 (21:07 +0100)]
netifd: Fix multiple -Wsign-compare warnings

This fixes warnings like this:
warning: comparison of integer expressions of different signedness: 'int' and 'long unsigned int' [-Wsign-compare]

Mostly this was an int compared to a size_t returned by ARRAY_SIZE().
The easiest fix is to count on the size_t type.

The ifindex is sometimes an unsigned int and sometimes a signed int in
the kernel interfaces. I think it normally fits into an unsigned 16 bit
value, so this should be fine. Do the one comparison where the
compiler complains as a long.

Casting the result of sizeof() to int should be safe. These values are
never out of range of int.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
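What the `-Wsign-compare` warnings in this commit and in "treewide: fix multiple compiler warnings" guard against, as an added example that is not netifd code: comparing an `int` with `sizeof()` converts the `int` to `size_t`, so a negative length passes a "too short" check. The header struct, the table and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct hdr { unsigned short type, len; };  /* hypothetical 4-byte header */

/* Before: `len < sizeof(struct hdr)` with an int len. The explicit
 * (size_t) cast spells out the conversion the compiler applies
 * implicitly; -1 becomes SIZE_MAX and the "too short" check is skipped. */
int accepts_unsigned_compare(int len)
{
	if ((size_t)len < sizeof(struct hdr))
		return 0;  /* rejected as too short */
	return 1;          /* accepted */
}

/* After: compare in the signed domain by casting sizeof() to int. The
 * value is a small constant that always fits in an int. */
int accepts_signed_compare(int len)
{
	if (len < (int)sizeof(struct hdr))
		return 0;
	return 1;
}

/* Loop counters go the other way: count in size_t so the index and
 * ARRAY_SIZE() have the same type and no conversion takes place. */
static const int table[] = { 10, 20, 30 };  /* constructed sample data */

int table_sum(void)
{
	int sum = 0;

	for (size_t i = 0; i < ARRAY_SIZE(table); i++)
		sum += table[i];
	return sum;
}

int main(void)
{
	printf("len=-1 unsigned compare accepted: %d\n",
	       accepts_unsigned_compare(-1));
	printf("len=-1 signed compare accepted:   %d\n",
	       accepts_signed_compare(-1));
	printf("table sum: %d\n", table_sum());
	return 0;
}
```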
21 months ago netifd: bridge: Fix format string position
Hauke Mehrtens [Sun, 12 Feb 2023 20:01:57 +0000 (21:01 +0100)]
netifd: bridge: Fix format string position

This fixes the following compile error:
error: format not a string literal, argument types not checked [-Werror=format-nonliteral]

blobmsg_printf() has the following signature:
int blobmsg_printf(struct blob_buf *buf, const char *name, const char *format, ...)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
22 months ago device: fix vlan device issues with disappearing lower devices
Felix Fietkau [Fri, 30 Dec 2022 15:38:41 +0000 (16:38 +0100)]
device: fix vlan device issues with disappearing lower devices

In some cases, if a VLAN is created on top of a bridge, a config reload
can lead to the bridge being torn down while netifd still considers the
VLAN device to be up.
In that case even a setup retry of an interface on top of the vlan does
not recreate the vlan device, because it is still claimed.
Fix this by releasing all device claims whenever a device goes away.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
22 months ago vlandev: propagate topology changes
Felix Fietkau [Fri, 30 Dec 2022 14:16:50 +0000 (15:16 +0100)]
vlandev: propagate topology changes

Same as vlan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
22 months ago utils: include utils.h last
Felix Fietkau [Thu, 29 Dec 2022 18:56:08 +0000 (19:56 +0100)]
utils: include utils.h last

Fixes conflict with some system headers that use the fallthrough keyword

Signed-off-by: Felix Fietkau <nbd@nbd.name>
22 months ago system: move netdev types to system-linux.c where they are used
Felix Fietkau [Thu, 29 Dec 2022 18:55:30 +0000 (19:55 +0100)]
system: move netdev types to system-linux.c where they are used

Fixes compile error on non-linux systems (used for testing)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
23 months ago wireless: add support for disabling multicast-to-unicast per virtual interface
Felix Fietkau [Mon, 19 Dec 2022 17:15:01 +0000 (18:15 +0100)]
wireless: add support for disabling multicast-to-unicast per virtual interface

Signed-off-by: Felix Fietkau <nbd@nbd.name>